Install and configure suhosin. You can whitelist functions inside eval() so functions like base64_decode are never allowed to execute.
In that case even when some bot managed to upload the payload, it cannot be executed correctly.